MOA is a cloud-first, Rust-based, multi-tenant AI agent operations platform for enterprises.
MOA runs durable agent sessions on Restate, stores product and audit data in Postgres/Neon with pgvector, segments conversations into discrete tasks, scores task resolution automatically, and feeds those outcomes into tenant-controlled learning. It is built for organizations that need governed agent execution: auditable event logs, isolated tool execution, tenant-owned intent taxonomies, approval flows, lineage, and rollbackable learning.
Local development uses the same Restate-backed orchestrator that production uses. The CLI is a thin client pointed at a Restate ingress endpoint.
Status: early active development. The architecture is stable enough to document, but APIs and product surfaces still move.
- Enterprise tenancy: teams own users, workspaces, sessions, memory, skills, intents, learning entries, lineage, and audit evidence.
- Durable orchestration: Restate virtual objects own sessions and sub-agents; workflows own one-shot jobs such as memory consolidation and intent discovery.
- Postgres everywhere: sessions, events, analytics, task segments, memory indexes, embeddings, intents, and the learning log live in Postgres/Neon.
- Task-aware sessions: every session can contain multiple task segments, each with intent metadata, tool and skill usage, cost, and a resolution score.
- Per-tenant learning: tenants own their intent taxonomy and learning log. Global catalog intents are opt-in only.
- Governed execution: risky actions require approval, secrets stay outside generated code, and hands/MCP tools run through explicit policy.
- Resolution-weighted skills: skill ranking uses tenant-level resolution data, not only recency or usage count.
- Inspectable operation: every event, learning entry, tool call, approval, and materialized analytics view is queryable.
- Pluggable hands: local execution, Docker, Daytona, E2B, and MCP tools all route through the hand/tool abstraction.
- Model-agnostic providers: Anthropic, OpenAI, and Google Gemini are first-class provider targets.
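The hand/tool abstraction can be pictured with a small sketch. The trait, the `LocalHand` type, and the `route` helper below are illustrative assumptions, not MOA's actual API: the point is that every execution backend implements one interface and a router picks a hand per tool call.

```rust
// Hypothetical sketch of the hand abstraction: one trait per execution
// backend (local, Docker, Daytona, E2B, MCP), with a router that selects
// a hand by id for each tool call.

trait Hand {
    fn id(&self) -> &'static str;
    fn run(&self, command: &str) -> Result<String, String>;
}

struct LocalHand;

impl Hand for LocalHand {
    fn id(&self) -> &'static str {
        "local"
    }

    fn run(&self, command: &str) -> Result<String, String> {
        // A real local hand would spawn a sandboxed process; this sketch
        // just echoes the command back.
        Ok(format!("local ran: {command}"))
    }
}

fn route<'a>(hands: &'a [Box<dyn Hand>], id: &str) -> Option<&'a dyn Hand> {
    hands.iter().find(|h| h.id() == id).map(|h| h.as_ref())
}

fn main() {
    let hands: Vec<Box<dyn Hand>> = vec![Box::new(LocalHand)];
    let hand = route(&hands, "local").expect("hand registered");
    println!("{}", hand.run("echo hi").unwrap());
}
```

In this model, policy enforcement and approval checks would sit in the router, in front of every backend, which is what makes the governed-execution guarantees uniform across hands.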
`make dev` brings up the full local stack:
- Postgres with AGE, pgvector, and pgaudit on `localhost:25432`
- Restate Server 1.6.2 on `localhost:18080` for ingress and `localhost:9070` for the UI
- moa-orchestrator on `localhost:9080` for the Restate handler and `localhost:9081` for health
- PII filter on `localhost:8080`
- audit log shipper with no exposed port
The orchestrator registers its handlers with Restate automatically through the `restate-register` sidecar service.
To wait for everything to be ready:

```shell
make dev-status
```

To open the Restate web UI and inspect invocations, K/V state, and deployments:

```shell
make dev-restate-ui
```

To stop everything while preserving data:

```shell
make dev-down
```

To stop and wipe all volumes, including Postgres data and Restate state:

```shell
make dev-wipe
```

If `localhost:18080` is already in use, override the Restate ingress port in a local `compose.override.yml`.
Use the CLI against the local stack:

```shell
MOA__ORCHESTRATOR__ENDPOINT=http://localhost:18080 cargo run -p moa-cli -- exec "What is 2+2?"
```

For a remote orchestrator, set `MOA__ORCHESTRATOR__ENDPOINT` to that Restate ingress URL or configure `[orchestrator].endpoint` in `~/.moa/config.toml`.
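As an illustration, a minimal `~/.moa/config.toml` pointing the CLI at a remote orchestrator might look like this (the endpoint URL is a placeholder, not a real deployment):

```toml
[orchestrator]
endpoint = "https://restate.example.com:8080"
```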
Run the deterministic load-test smoke profile against the local stack:

```shell
make loadtest-mock
```

For a live-provider run against the same Restate ingress:

```shell
make loadtest-live
```

`make loadtest-mock` restarts the orchestrator with `MOA_PROVIDERS_OVERRIDE=scripted:/loadtest-scripts/perf-gate.json`.
Cloud mode runs the moa-orchestrator-bin Restate handler service plus Postgres/Neon and the configured hand provider.
```shell
POSTGRES_URL=postgres://...
RESTATE_ADMIN_URL=http://localhost:9070
OPENAI_API_KEY=...
cargo run -p moa-orchestrator --bin moa-orchestrator-bin -- --port 9080 --health-port 9081
```

The binary serves these Restate surfaces: Session, SubAgent, Workspace, SessionStore, ToolExecutor, LLMGateway, WorkspaceStore, IntentManager, Consolidate, IntentDiscovery, IngestionVO, and Health. Deployment registration is handled outside the binary.
The Docker image builds `moa-orchestrator-bin` and installs it as `/usr/local/bin/moa-orchestrator`.
Required cloud process configuration includes:
```shell
POSTGRES_URL=postgres://...
RESTATE_ADMIN_URL=http://localhost:9070
OPENAI_API_KEY=...
DAYTONA_API_KEY=... # optional, depending on hand provider
```

```
REST / Gateway / CLI
        |
        v
Restate handler service (moa-orchestrator-bin)
        |
        +-- Session VO -> TurnRunner -> context pipeline -> LLMGateway
        +-- SubAgent VO -> bounded child agent execution
        +-- ToolExecutor -> ToolRouter -> hands / MCP / built-ins
        +-- Consolidate workflow -> memory compaction
        +-- IntentDiscovery workflow -> tenant intent proposals
        |
        v
Postgres / Neon
    sessions, events, task_segments, analytics views,
    graph memory, sidecar indexes, pgvector embeddings,
    tenant_intents, global_intent_catalog, learning_log,
    lineage, scores, compliance audit tables
```
The context pipeline is byte-stable where possible for prompt caching. With query rewriting enabled, the current processors are: identity, instructions, tools, skills, query rewrite, memory, history, runtime context, compactor, and cache optimizer.
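The processor chain above can be sketched roughly as follows. This is an illustrative model, not MOA's real types: the `ContextProcessor` trait, `StaticSection`, and `run_pipeline` are hypothetical names chosen to show how an ordered, deterministic pipeline keeps the assembled prompt byte-stable for caching.

```rust
// Hypothetical sketch of a context pipeline: an ordered list of processors,
// each appending a deterministically formatted section to the prompt under
// construction. Stable ordering plus stable bytes keep the prompt prefix
// cache-friendly.

trait ContextProcessor {
    fn process(&self, sections: &mut Vec<String>);
}

struct StaticSection {
    title: &'static str,
    body: &'static str,
}

impl ContextProcessor for StaticSection {
    fn process(&self, sections: &mut Vec<String>) {
        // Deterministic formatting: identical input always yields
        // identical bytes.
        sections.push(format!("## {}\n{}", self.title, self.body));
    }
}

fn run_pipeline(processors: &[Box<dyn ContextProcessor>]) -> String {
    let mut sections = Vec::new();
    for p in processors {
        p.process(&mut sections);
    }
    sections.join("\n\n")
}

fn main() {
    // Abridged version of the processor order listed above.
    let pipeline: Vec<Box<dyn ContextProcessor>> = vec![
        Box::new(StaticSection { title: "identity", body: "You are MOA." }),
        Box::new(StaticSection { title: "instructions", body: "Answer concisely." }),
    ];
    println!("{}", run_pipeline(&pipeline));
}
```

The real pipeline interleaves dynamic stages (memory, history, query rewrite) with static ones, but the same principle applies: dynamic content is isolated so the static prefix stays cacheable.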
Memory is split across four crates under `crates/moa-memory/`:

- `graph/` - Apache AGE adapter, bi-temporal write protocol
- `vector/` - pgvector / Turbopuffer, Gemini and Cohere embedders
- `pii/` - redaction at ingestion via the openai/privacy-filter HTTP service
- `ingest/` - slow-path Restate VO, fast-path API, contradiction detector
See `docs/architecture/type-placement.md` for how types are owned across these crates and `crates/moa-memory/README.md` for crate-level details.
| Crate | Role |
|---|---|
| `moa-core` | Shared types, traits, config, events, telemetry, analytics DTOs |
| `moa-brain` | Context pipeline, query rewriting, segment helpers, intent classifier, resolution scoring, streamed turns |
| `moa-session` | Postgres session store, event log, task segments, intent tables, learning log, analytics views |
| `moa-memory-graph` | Graph memory store, SQL sidecars, RLS, bitemporal state, and changelog |
| `moa-memory-ingest` | Slow-path graph ingestion and fast memory write APIs |
| `moa-memory-vector` | pgvector-backed graph embeddings and vector lookup |
| `moa-memory-pii` | PII classification and privacy filtering for memory writes |
| `moa-lineage-core` | Lineage records and score record types |
| `moa-lineage-sink` | Async lineage sink writers |
| `moa-lineage-otel` | OTel/OpenInference bridge |
| `moa-lineage-citation` | Citation/provenance adapters |
| `moa-lineage-cold` | Cold lineage export and partition support |
| `moa-lineage-audit` | Compliance audit hashes, Merkle roots, signing, DSAR support |
| `moa-hands` | Tool router, local/Docker hands, Daytona, E2B, MCP client |
| `moa-providers` | LLM and embedding providers |
| `moa-orchestrator` | Restate services, virtual objects, workflows, and handler binary |
| `moa-gateway` | Telegram, Slack, Discord adapters and platform rendering |
| `moa-runtime` | Thin runtime facade over the orchestrator HTTP client |
| `moa-cli` | Thin-client `moa` CLI and orchestrator diagnostics |
| `moa-security` | Credential vault, MCP proxy, policies, prompt-injection controls |
| `moa-skills` | Agent Skills parsing, distillation, improvement, regression suites |
| `moa-eval` | Evaluation harness |
| `moa-loadtest` | Load-test harness |
| `workspace-hack` | Generated cargo-hakari crate for dependency feature unification |
| `xtask` | Repo-local audit and maintenance commands |
Start with `docs/README.md`, then read:

- `docs/01-architecture-overview.md` for the system model and trait map.
- `docs/02-brain-orchestration.md` for Restate session and sub-agent flow.
- `docs/13-task-segmentation.md` for segments and resolution scoring.
- `docs/14-multi-tenancy-and-learning.md` for tenants, intents, catalog adoption, and the learning log.
- `architecture.md` for the current enterprise runtime map.
```shell
cargo fmt --all
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --no-run
```

Provider request-body and other byte-stability snapshots follow the pattern in `docs/testing/snapshot-pattern.md`.
Apache-2.0. See LICENSE.